added extra check for save internal link extensions. (for use with
magicHTML)
Maybe this is the wrong fix but in case of iframes tags with a cid link to an
internal entity it's possible that stupid users download attached virus
entities because the iframe src pointed to a filename with .scr, .exe, .bat or
other extension. This patch only allow the following hardcoded save extensions:
gif, jpeg, jpg, png, bmp.
To do:
notify user in case of invalid extensions.
totally remove iframes because I think in most cases (virus) they are unsave.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3468
7612ce4b-ef26-0410-bec9-
ea0150e637f0
projects / squirrelmail.git / commit